Federal Bank and Thrift Regulatory Agencies Seek Comment on Interagency Guidance on Identity Theft Response Programs
The federal bank and thrift regulatory agencies are seeking comment on proposed interagency guidance on financial institutions' response programs for unauthorized access to customer information and customer notice. The guidance describes the agencies' expectations that response programs address the compromise of sensitive customer information, including when to notify affected customers.
The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision are seeking comment on the attached joint proposed guidance on financial institutions' response programs for unauthorized access to customer information and customer notice. Comments on the proposed guidance are due by October 14, 2003.
The proposed guidance interprets the FDIC's customer information security guidelines (12 CFR 364, app. B) and describes the FDIC's expectation that financial institutions should implement a response program to address the possible compromise of sensitive customer information. The response program should include written notice to customers in the event their sensitive customer information is compromised, unless the financial institution - after an appropriate investigation - reasonably concludes that misuse is unlikely to occur and takes appropriate steps to safeguard the interests of affected customers, including monitoring affected customers' accounts for unusual or suspicious activity.
Public comment is sought on all aspects of this proposal, including the potential burden posed by the information collection under the Paperwork Reduction Act of 1995. The submission of thoughtful comments on this important issue will assist the agencies in finalizing the guidance. Information on how to file comments is included in the attached Federal Register notice.
For more information, please contact Jeffrey M. Kopchik, Senior Policy Analyst, at (202) 898-3872, or Robert Patrick, Counsel, at (202) 898-3757.
Attachment: August 12, 2003, Federal Register, pages 47954-47960 PDF (64.7 KB File - PDF Help or Hard Copy)
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC’s Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342, option 5, or (703) 562-2200).